DevNest is a scalable backend platform inspired by X (Twitter), built with Node.js, TypeScript, NestJS, Prisma, PostgreSQL, and Redis.
It follows a modular architecture and focuses on building production-ready social platform features with performance, scalability, and maintainability in mind.
DevNest follows the standard NestJS modular architecture using PostgreSQL as the single source of truth:
Module → Controller → Service → Repository (Prisma) → Database (PostgreSQL)
- ✅ Clear separation of concerns
- ✅ Single Source of Truth: PostgreSQL holds all critical user data (Users, Posts, Comments, Likes, Graph).
- ✅ Modular and scalable
- ✅ Dependency injection for better maintainability
- ✅ Pull-based Feed: The home feed is generated on-the-fly by querying posts from followed users, avoiding data duplication.
src/
├── auth/ # Authentication module
├── comments/ # Comments module
├── common/ # Shared utilities
├── email/ # Email module (Worker-compatible)
├── feed/ # Feed module
├── generated/ # Generated Prisma client code
├── lib/ # Library & helper functions
├── likes/ # Likes module
├── posts/ # Posts module
├── prisma/ # Prisma service
├── profile/ # User profile management
├── users/ # User management
├── app.module.ts # Root module
├── main.ts # Application entry point
├── worker.module.ts # Worker entry module
└── worker.ts # Worker entry point
prisma/
└── postgres/ # PostgreSQL schema & migrations
    └── schema.prisma
- Node.js & TypeScript
- NestJS (Backend Framework)
- Node.js Clustering & Worker Threads (Horizontal scaling & async bcrypt operations via piscina)
- Prisma ORM (Database Access)
- PostgreSQL (Relational Database)
- Redis (Caching & Queues)
- BullMQ (Background Jobs & Queues)
- Authentication (JWT, Refresh Token Rotation, Google OAuth 2.0, Privacy Hashing)
- Testing & Performance (Jest for E2E, k6 for Load Testing)
- Code Quality (ESLint Flat Config & Prettier)
- Dockerization (Docker Compose for full environment)
DevNest implements advanced security and privacy features:
- Robust Token Generation: Refresh tokens include a unique UUID (tokenId) in the payload to prevent collisions during rapid authentication requests.
- Refresh Token Rotation: Each time a token is refreshed, a new one is issued, and the old one is revoked. Reuse of an old token triggers a chain revocation for security.
- Device Tracking: We log IP Address and User-Agent for each login to detect suspicious activity.
- IP Privacy: All IP addresses are hashed (SHA-256) before storage to protect user privacy.
- Soft Deletes: User accounts are soft-deleted (deletedAt timestamp). This action instantly revokes all active sessions (Refresh Tokens) and prevents further logins.
- Cascade Revocation: Deleting an account or detecting token reuse instantly invalidates all associated tokens.
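
The rotation, reuse detection and cascade revocation listed above, as an added TypeScript example that is not DevNest's own code. An in-memory map stands in for the refresh-token table, and the names TokenRecord, RotateResult, hashIp, issue, revokeAll and rotate are assumptions.

```typescript
import { createHash, randomUUID } from "node:crypto";

// Hypothetical in-memory stand-in for the refresh-token table (assumption).
interface TokenRecord {
  tokenId: string; // unique UUID carried in the token payload
  userId: string;
  ipHash: string; // SHA-256 of the login IP, never the raw address
  revoked: boolean;
}
type RotateResult = { ok: boolean; tokenId?: string; reason?: "unknown" | "reuse" };

const store = new Map<string, TokenRecord>();

// Plain SHA-256 as the feature list states. The IPv4 space is small enough to
// enumerate, so a keyed hash (HMAC with a server secret) resists reversal better.
function hashIp(ip: string): string {
  return createHash("sha256").update(ip).digest("hex");
}

function issue(userId: string, ip: string): string {
  const tokenId = randomUUID();
  store.set(tokenId, { tokenId, userId, ipHash: hashIp(ip), revoked: false });
  return tokenId;
}

// Cascade revocation: invalidate every live token of the user.
function revokeAll(userId: string): number {
  let count = 0;
  store.forEach((rec) => {
    if (rec.userId === userId && !rec.revoked) {
      rec.revoked = true;
      count++;
    }
  });
  return count;
}

// Rotation: the presented token is revoked and a successor issued. A token
// that is already revoked signals replay, so the whole chain is revoked.
function rotate(tokenId: string, ip: string): RotateResult {
  const rec = store.get(tokenId);
  if (!rec) return { ok: false, reason: "unknown" };
  if (rec.revoked) {
    revokeAll(rec.userId);
    return { ok: false, reason: "reuse" };
  }
  rec.revoked = true;
  return { ok: true, tokenId: issue(rec.userId, ip) };
}
```

Calling revokeAll with the user's id also models the soft-delete path, where account deletion ends every active session.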
- Node.js (v18+ recommended)
- Docker & Docker Compose (for easy database setup)
- Git
git clone https://github.com/johnvesslyalti/dev-nest.git
cd dev-nest
Create a .env file in the root directory (you can use .env.example as a template):
# PostgreSQL
POSTGRES_URL=postgresql://postgres:password123@localhost:5432/devnest?schema=public
# Redis
REDIS_URL=redis://localhost:6379
# Auth
ACCESS_SECRET=your_access_secret
REFRESH_SECRET=your_refresh_secret
PORT=3001
You can spin up the PostgreSQL and Redis instances using the provided docker-compose.yml:
docker-compose up postgres redis -d
(Optionally, you can run the entire API inside Docker with docker-compose up -d)
- Install Dependencies
  npm install
- Database Setup
  Generate the Prisma client:
  npm run generate
  Run migrations to set up the database schema:
  npm run migrate:pg
- Start the Backend
  # Development mode
  npm run dev
  # Production mode
  npm run build
  npm run start:prod
  Server defaults to http://localhost:3001/api/v1.
- Start the Background Worker (Optional but recommended)
  The worker handles background jobs such as sending emails.
  # Development mode
  npm run start:worker:dev
  # Production mode
  npm run build # (if not already built)
  npm run start:worker
DevNest includes comprehensive tests.
Ensure your test databases are correctly configured, then run:
# Run all E2E tests
npm run test:e2e
# Run with coverage report
npm run test:e2e:cov
- Ensure the backend is running (npm run dev).
- Run the manual functional test:
  npm run test:manual
  Expected Output:
  ✅ All tests passed successfully!
- Verify Authentication:
  npm run test:auth
DevNest is highly optimized to handle high concurrency and offload heavy CPU-bound tasks.
- Worker Threads: bcrypt password hashing is entirely offloaded to a piscina worker pool.
- Horizontal Scaling: The API leverages the Node.js cluster module to fork instances across cores.
- Database Connection Pooling: Prisma connections are strictly regulated per-instance to prevent PostgreSQL connection exhaustion.
To run the load tests locally (ensure k6 is installed):
k6 run k6-scenario-test.js
- ✅ Modules: Feature-based separation.
- ✅ DTOs: Strict input validation using class-validator.
- ✅ Guards: Role-based and auth-based access control.
- ✅ Prisma: Type-safe database queries.
- ✅ Prettier/ESLint: Consistent code style.
- ✅ Cursor Pagination: Keyset pagination implemented for efficient list rendering (e.g., Feed).
Johnvessly Alti
Backend-focused Software Engineer
Building scalable systems with clean architecture.
MIT License